RE: Deprecation of IPv6 atomic fragments (some good news)
<nalini.elkins@insidethestack.com> Fri, 14 April 2017 16:58 UTC
Return-Path: <nalini.elkins@insidethestack.com>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C362E1294EE for <ipv6@ietfa.amsl.com>; Fri, 14 Apr 2017 09:58:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FORGED_MUA_MOZILLA=2.309, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-2.8, RCVD_IN_SORBS_SPAM=0.5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yegXupMQEaTT for <ipv6@ietfa.amsl.com>; Fri, 14 Apr 2017 09:58:47 -0700 (PDT)
Received: from nm10-vm3.bullet.mail.gq1.yahoo.com (nm10-vm3.bullet.mail.gq1.yahoo.com [98.136.218.94]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29F4B12946C for <6man@ietf.org>; Fri, 14 Apr 2017 09:58:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1492189126; bh=EbJNIKVSiJ4Pduwo+GSCQBEZa2M2LMsZDh7UF/97UrI=; h=Date:From:Reply-To:To:Cc:Subject:References:From:Subject; b=amsywTvLkORTt8819tUNoKm7QfwQWeoyW/LkgdKlWu3NHoaYDnS64tdrvL1IOsO+hVKZZUvIU+VjWjYzJlOHTu/HoRhTfcH4imt9MQQ5t59F8saVFoqiuKUAg2wbFzNSGJ2W7V+wJz0bTkNDeDIy4cvO/jxZ+qDcahzQoaEJcHcvxA6b9dQXx02Tx9QjAV53P4Z9gMNw9pTWP8XUHj8aBlCpAVwUTeeHDxDpC8POjy4Fyeu/T2pyqIdHupNLlmDk5OaRGfspkvT8jCKSI7w7seu1fcxMJe0yCVuJugug0buQXCYK/6zIG64Xm1YvDffcDyq2b3qAUn/fEHAqRneZHg==
Received: from [216.39.60.180] by nm10.bullet.mail.gq1.yahoo.com with NNFMP; 14 Apr 2017 16:58:46 -0000
Received: from [98.137.12.214] by tm16.bullet.mail.gq1.yahoo.com with NNFMP; 14 Apr 2017 16:58:46 -0000
Received: from [127.0.0.1] by omp1022.mail.gq1.yahoo.com with NNFMP; 14 Apr 2017 16:58:46 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 726438.73914.bm@omp1022.mail.gq1.yahoo.com
X-YMail-OSG: _tSE9SkVM1l5Ip_jEd4lF77reI17a7nCwuXd4q0p9H8AFwJN4ItbglpVZR7xiPE EE5R3T27GNq5r5a9TtNiHZf4InPDjwgRPdHFniz0_WDj39TRsXEOC09IvWZ6uw_2EiqzEYBykQj5 naWamrCnqMV1UID69rTNZjOJjfZz5MfseP339pFxycRF594.HKuYC8pbuokTIpVslkOgpLS_9pYR jcJwJQu54SBpaaar3WF3Q5k7P2EYiRBbmIKK0em6f657Dw1afKM2Qw_36u41SAfKIXYWk2qViw_O j.hpjoGAy0Mo3cvm9L8JrOb13JLjmnTfiXbqZKlZXLG1bvCMpfGVaHEpYOByTTWLfAsoxxAKRXOu m7a80PGw6A2qevItiLpAXt1Ka5oBM0t0LjlFbi3SMgxSI6V157VHGfNZZMRV9Oik5Rw5MAfiTvgu eTigfjydVJScsvMAzRWV_20IPl9EQXr.hoO2Yi5lXUYlt.9AUSWWk8FPEh5qYKKgyt.0qef2Vo3k qY_XG9ucq_RS2gRtFkAY2s.Rc7g7yJM9V1CCJ
Received: from jws300065.mail.gq1.yahoo.com by sendmailws125.mail.gq1.yahoo.com; Fri, 14 Apr 2017 16:58:46 +0000; 1492189126.343
Date: Fri, 14 Apr 2017 16:58:46 +0000
From: nalini.elkins@insidethestack.com
Reply-To: nalini.elkins@insidethestack.com
To: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>, Fernando Gont <fernando@gont.com.ar>, "6man@ietf.org" <6man@ietf.org>, Fred LTemplin <Fred.L.Templin@boeing.com>
Cc: "draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org" <draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org>
Message-ID: <437749081.545891.1492189126005@mail.yahoo.com>
Subject: RE: Deprecation of IPv6 atomic fragments (some good news)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
References: <437749081.545891.1492189126005.ref@mail.yahoo.com>
X-Mailer: WebService/1.1.9408 YahooMailBasic Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/SaGxiYtDSXsLdBcOlN9deeKNyrc>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Apr 2017 16:58:50 -0000
Fred, Of course! Also, our Destination Option can be used for traffic other than TLS. In fact, any IPv6 traffic. Thanks, Nalini Elkins CEO and Founder Inside Products, Inc. www.insidethestack.com (831) 659-8360 -------------------------------------------- On Fri, 4/14/17, Templin, Fred L <Fred.L.Templin@boeing.com> wrote: Subject: RE: Deprecation of IPv6 atomic fragments (some good news) To: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>, "Fernando Gont" <fernando@gont.com.ar>, "6man@ietf.org" <6man@ietf.org> Cc: "draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org" <draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org> Date: Friday, April 14, 2017, 9:49 AM Hi Nalini, I don't want to be misunderstood - I support what you are proposing. In terms of tunneling, however, we are using TLS in some of our internal code and it looks like TLS provides a 64-bit sequence number that we are using for DPD (also reordering detection). But, as I think you are implying, the tunnel is only one link in what may be an IPv6 path over many links. So, it could be that the raw IPv6 packet may still want to include one of your options in case duplication might occur somewhere along the remaining IPv6 path once the packet emerges from the tunnel. So, I think it is OK. Thanks - Fred > -----Original Message----- > From: nalini.elkins@insidethestack.com [mailto:nalini.elkins@insidethestack.com] > Sent: Friday, April 14, 2017 9:37 AM > To: nalini.elkins@insidethestack.com; Fernando Gont <fernando@gont.com.ar>; 6man@ietf.org; Templin, Fred L > <Fred.L.Templin@boeing.com> > Cc: draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org > Subject: RE: Deprecation of IPv6 atomic fragments (some good news) > > Fred, > > Very interesting comments. > > One thing, the Destination Option is set by the end host(s). Of course, the devices in the middle, if those are doing the encapsulation > rather than the end host, could certainly examine the Destination Option. > > As far as implementation, we are starting on code in the FreeBSD kernel at the end of next week & I have already had two other > requests for code samples. I believe that at least one person (other than us!) has already started on implementation. Let's see how > this rolls! > > Thanks, > > Nalini Elkins > CEO and Founder > Inside Products, Inc. > www.insidethestack.com > (831) 659-8360 > > -------------------------------------------- > On Fri, 4/14/17, Templin, Fred L <Fred.L.Templin@boeing.com> wrote: > > Subject: RE: Deprecation of IPv6 atomic fragments (some good news) > To: "nalini.elkins@insidethestack.com" <nalini.elkins@insidethestack.com>, "Fernando Gont" <fernando@gont.com.ar>, > "6man@ietf.org" <6man@ietf.org> > Cc: "draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org" <draft-ietf-6man-deprecate-atomfrag- > generation@tools.ietf.org> > Date: Friday, April 14, 2017, 9:22 AM > > Hi Nalini, > > OK. But, tunnel encapsulations frequently > include 32-bit Identification values > (GRE, > GUE, IPsec, others) which can be used for DPD so I was > wondering if a > similar facility was > available for raw IPv6 packets. It sounds like with the > PSN feature your document is providing there is > opportunity for DPD but > in a different way > than widely-deployed tunneling systems currently do it. > > I think we had this same > conversation at one of the recent meetings, but > I am left wondering whether having two > different ways of doing DPD will > be > confusing to implementers. Maybe what you have is better, > but will > widely-deployed networking gear be > overhauled to pick up the new > feature? > > Thanks - Fred > > > -----Original Message----- > > From: nalini.elkins@insidethestack.com > [mailto:nalini.elkins@insidethestack.com] > > Sent: Friday, April 14, 2017 9:00 AM > > To: nalini.elkins@insidethestack.com; > Fernando Gont <fernando@gont.com.ar>; > 6man@ietf.org; > Templin, Fred L > > <Fred.L.Templin@boeing.com> > > Cc: draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org > > Subject: RE: Deprecation of IPv6 atomic > fragments (some good news) > > > > You can use the sequence number (PSN) in > combination with the other fields > > > > PSNTP : Packet Sequence Number > This Packet > > PSNLR : Packet > Sequence Number Last Received > > DELTATLR > : Delta Time Last Received > > DELTATLS : > Delta Time Last Sent > > > > to get quite a good idea of duplicate > packets. You can also differentiate duplicate packets > from retransmissions. > > > > Thanks, > > > > Nalini Elkins > > CEO and > Founder > > Inside Products, Inc. > > www.insidethestack.com > > (831) 659-8360 > > > > > -------------------------------------------- > > On Fri, 4/14/17, Templin, Fred L <Fred.L.Templin@boeing.com> > wrote: > > > > Subject: > RE: Deprecation of IPv6 atomic fragments (some good news) > > To: "nalini.elkins@insidethestack.com" > <nalini.elkins@insidethestack.com>, > "Fernando Gont" <fernando@gont.com.ar>, > > "6man@ietf.org" > <6man@ietf.org> > > Cc: "draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org" > <draft-ietf-6man-deprecate-atomfrag- > > > generation@tools.ietf.org> > > Date: Friday, April 14, 2017, 8:53 AM > > > > Oh, I just looked > and saw that > > the option presents > 16-bit Packet Sequence Numbers. > > I was > thinking 32 for use cases such as > > > Duplicate Packet Detection. Is there any way to > > get a 32-bit Identification? > > > > Thanks - Fred > > > > > > -----Original > > Message----- > > > From: ipv6 [mailto:ipv6-bounces@ietf.org] > > On Behalf Of Templin, Fred L > > > Sent: > > > Friday, April 14, 2017 8:50 AM > > > > To: nalini.elkins@insidethestack.com; > > Fernando Gont <fernando@gont.com.ar>; > > 6man@ietf.org > > > Cc: draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org > > > Subject: RE: Deprecation of IPv6 > atomic > > fragments (some good news) > > > > > > Very > good. Thanks. > > > > > > > > Fred > > > > > > > > -----Original Message----- > > > > > From: nalini.elkins@insidethestack.com > > [mailto:nalini.elkins@insidethestack.com] > > > > Sent: Friday, April 14, 2017 > 8:45 > > AM > > > > > To: Fernando Gont <fernando@gont.com.ar>; > > 6man@ietf.org; > > Templin, Fred L <Fred.L.Templin@boeing.com> > > > > Cc: draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org > > > > Subject: RE: Deprecation of > IPv6 > > atomic fragments (some good > news) > > > > > > > > > > > Fred, > > > > > > > > > > For sequence numbers in > IPv6, > > You may wish to look at > > > > > > > > > https://datatracker.ietf.org/doc/draft-ietf-ippm-6man-pdm-option/ > > > > > > > > > which was > > on the telechat agenda > for Thursday. We will be > > > addressing all the comments & hope to be rolling > quite > > soon. > > > > > > > > > > > Thanks, > > > > > > > > > > > > Nalini Elkins > > > > CEO and > Founder > > > > Inside Products, > Inc. > > > > > www.insidethestack.com > > > > > (831) 659-8360 > > > > > > > > > > > > > -------------------------------------------- > > > > On Fri, 4/14/17, Templin, Fred > L > > <Fred.L.Templin@boeing.com> > > wrote: > > > > > > > > > > > > Subject: RE: Deprecation of IPv6 atomic fragments (some > good > > news) > > > > > To: "Fernando > > > Gont" <fernando@gont.com.ar>, > > "6man@ietf.org" > > <6man@ietf.org> > > > > Cc: "draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org" > > > <draft-ietf-6man-deprecate-atomfrag- > > > > > > generation@tools.ietf.org> > > > > Date: Friday, April 14, > 2017, 8:40 > > AM > > > > > > > > > Hi > > Fernando, > > > > > > > > > > > > With the deprecation of atomic fragments, is > > > > there another way to > include > > > > an > > > > > > > Identification value in the header of an IPv6 packet? Do > > we > > > > > need a new > > > > extension > header or destination > > > > > option for that? > > > > > > > > Thanks > > - > > > > > Fred > > > > > > > > > > > > > -----Original > > > > > Message----- > > > > > > > From: ipv6 [mailto:ipv6-bounces@ietf.org] > > > > On Behalf Of Fernando > Gont > > > > > Sent: > > > > > > > Friday, April 14, 2017 8:28 AM > > > > > > > > To: 6man@ietf.org > > > > > Cc: draft-ietf-6man-deprecate-atomfrag-generation@tools.ietf.org > > > > > Subject: Deprecation of > IPv6 > > atomic > > > > > fragments (some good > > > news) > > > > > > > > > > > > > Folks, > > > > > > > > > > Thought it might be > good > > feedback for the > > > > group. Juniper > > published a > > > > > > > > > > vulnerability > advisory with patches > > for the issue > discussed > > > > in > > RFC8021: > > > > > > <https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10780&actp=SUBSCRIPTION> > > > > > > > > > > > > > Besides providing > > > > the > > > rationale for the change in rfc2460bis and > > > > > RFC7915, this kind of > thing > > was one of the > > > > motivations for > > working on > > > > > > such RFC. > > > > > > > > > > > > > > Thanks! > > > > > > > > > > Cheers, > > > > > > > > -- > > > > > Fernando > > Gont > > > > > > e-mail: fernando@gont.com.ar > > > > || fgont@si6networks.com > > > > > PGP Fingerprint: 7809 > 84F5 > > 322E 45C7 F1C9 > > > > 3945 96EE A9EF > > D076 FFF1 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------- > > > > > IETF IPv6 working > group > > mailing list > > > > > ipv6@ietf.org > > > > > Administrative > Requests: https://www.ietf.org/mailman/listinfo/ipv6 > > > > > > > > > > > > > > > -------------------------------------------------------------------- > > > > > > > > > > > > > > > > -------------------------------------------------------------------- > > > > IETF IPv6 working group > mailing > > list > > > > > ipv6@ietf.org > > > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > > > > > > > -------------------------------------------------------------------- > > > > > > > > > > > > > -------------------------------------------------------------------- > > > IETF IPv6 working group mailing > list > > > ipv6@ietf.org > > > Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 > > > > > > -------------------------------------------------------------------- > > > > > >
- RE: Deprecation of IPv6 atomic fragments (some go… Templin, Fred L
- RE: Deprecation of IPv6 atomic fragments (some go… nalini.elkins
- RE: Deprecation of IPv6 atomic fragments (some go… Templin, Fred L
- RE: Deprecation of IPv6 atomic fragments (some go… nalini.elkins
- RE: Deprecation of IPv6 atomic fragments (some go… Templin, Fred L
- RE: Deprecation of IPv6 atomic fragments (some go… Templin, Fred L
- RE: Deprecation of IPv6 atomic fragments (some go… nalini.elkins
- RE: Deprecation of IPv6 atomic fragments (some go… Templin, Fred L
- Deprecation of IPv6 atomic fragments (some good n… Fernando Gont
- Re: Deprecation of IPv6 atomic fragments (some go… Michael Richardson
- RE: Deprecation of IPv6 atomic fragments (some go… nalini.elkins